1 / 26

University Issues

Join experts from University of Wisconsin, Stanford University, University of Waterloo, University of Maryland, and Rensselaer Polytechnic Institute as they discuss managing growth, computer security, residence networking, and backups in university IT systems.

mcjunkin
Download Presentation

University Issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. University Issues • William Annis - University of Wisconsin • David Brumley - Stanford University • Robyn Landers - University of Waterloo • Kathy Penn - University of Maryland • Jon Finke - Rensselaer Polytechnic Institute

  2. Format Begin Open Topic_List_Cursor; Loop fetch Topic_List_Cursor into Topic,Presenter; exit when Topic is Null; Introduce(Presenter, Minutes =>1); PresenterDiscusses(Topic, Minutes => 10); PanelRebuts(Topic, Minutes => 5); AudienceComments; end loop end;

  3. Topics: • Managing Growth • William Annis • Computer Security and Incidence Response • David Brumley • Residence Networking • Robyn Landers • Backups - Procedure and Policy • Kathy Penn

  4. Managing Growth • William Annis • Biomedical Computing Group - U Wisconsin • Statisticians - Grads, Faculty and Post Docs • Solaris (20 Servers, 40 desktops), 40 Xterms • Citrix NT for NT applications • Web and database servers. • 2 FT Admins, 1/2 Manager, 3/4 Student

  5. When I started: • No admin, just parts of staff and an occasional grad student • Machines acting as file servers al over campus • Strange, uncommented code kept us running

  6. How we changed: • Wrote a large document • Centralized everything • One OS version • cfengine squashes irregularities

  7. The change: • Took two years -- will be done RSN • Initial steps noisy and obvious • Users still not quite sure of the centralized computing concept • Admin brain-retooling took a while

  8. Computer Security and Incidence Response • David Brumley dbrumley@stanford.edu • Stanford University • Fiber to Internet (100 MB/S single duplex); OC12 to Internet2 (600MB/S full duplex); up to 2.6 gigabit internally (full duplex) • 505 Active subnets, 53216 registered nodes • 18116 PCs, 9305 Macs, 2629 Unix • 2299 Network Infrastructure, 711 Other • 1997 Printer, 338 Unknown, 258 X-terminals

  9. Residence Hall Networking • Robyn Landers rblanders@math.uwaterloo.ca • University of Waterloo, Math Faculty, Undergrad • Mostly Sun(22) servers, X terminals(200) • WinCenter (PC apps on X terminals) • Network Appliance NFS servers • Unix, PC home directories • SGI (14), PC ( 90) and Mac(120)

  10. %cc hello.world.c

  11. eh.oot

  12. Nice starting point: www.adm.uwaterloo.ca/infohous/resnet Techie details: www.ist.uwaterloo.ca/cn/Residence/tech.html

  13. Getting Connected • policy agreement • fill out form, incl. MAC address • forms hand-entered into spreadsheet • scripts extract info into DHCP tab and router ARP entries

  14. Rate Limiting • cron job queries router every 12 minutes • compute traffic volume per IP • daily total (150 Mb/day) • running average (25 Mb/day) • exceed limit => external access cut off • web page where students can check their own stats • reduces accidental and intentional misuse • manual intervention in case of policy abuse

  15. Privacy and Security • access control on hosts that have resnet info • can’t use DHCP info to track down student’s personal info, for example • students can view only their own usage stats

  16. Interesting Problems • student set up rogue DHCP server • some MS W98 network drivers locked up after receiving DHCP answer • some W98 needed a vendor tag set in DHCP entry (value irrelevant) • forging mail and news • client-side denial of service -- client grabs all the IPs • server spoofing

  17. Uninteresting Problems • syntax errors in DHCPtab from manual entry • now have automatic checker • wall jacks fail from abuse

  18. Non-Problems • automatic rate-limiting prevents network overload • students learn and share local sources, reducing need for off-site

  19. Summary • What’s cool • auto rate limiting (Perl. Uses no vendor-specific features. Router just needs to keep and report traffic stats so you can query it.) • web page where studens check their usage • What would be nice • on-line D.I.Y. registration • use the D in DHCP • Other implementations • Stanford’s Secure Public InterNet ACcess Handler http://spinach.stanford.edu

  20. Backup -- Procedure and Policy • Kathy Penn kpenn@isr.umd.edu • Institute for Systems Research, U Maryland • 900 Grad Students, 60 Faculty, 40 Admin Staff • 175 Unix (mostly Sun), 100 PCs & Macs • Sys Admin staff - 5 FTE, 5 Student • 3 Class C Subnets, but routers run by University networking department

  21. Backups • Everyone does them • Everyone does restores • Everyone verifies backups • But does everyone know how?

  22. Document Your Procedures • How to do the actual backups • How to do the restores • Have someone step through the instructions • Don’t forget Why, Where, Which

  23. Document Your Policies • For staff and users • How frequently backups are made • How frequently archival copies are made • How long archives are kept • What do you NOT backup, and why

  24. Restoration Information • How do users request restores? • If they can do their own restores, how? • How long do restores take? • Who can request restores?

  25. IANAL (I Am Not A Lawyer) • Check with your central University policy • Check with University lawyers • Document Everything -- especially your policies

  26. These Slides Will Be Available Near You Soon! • Http:www.rpi.edu/~finkej/u-issues/

More Related